Industry welcomes ICO statement on data security

News by SC Staff

The statement by the Information Commissioners Office has been met with praise from the industry.

The statement by the Information Commissioners Office has been met with praise from the industry.


The security sector was quick to welcome the opinions of Richard Thomas, and saw that his pro-active measures were for the benefit of companies and the general public.


Chris Mayers, chief security architect at Citrix, said: “The Information Commissioner's speech only echoes the thoughts of the rest of the country: data exposure is becoming an all too familiar occurrence and, if recent months are anything to go by, shows no sign of abating.


“But what strikes me about his latest comments is that many of the exposures he references have only came to light because of a stricter disclosure and investigation regime. If it wasn't for all the publicity about data loss - and the resulting government reports – many organisations might not even have noticed the data was exposed.
“With the Information Commissioner suggesting that the situation is only going to get worse, we need to stop pondering and start acting. All organisations handling sensitive data need to realise there is nothing more important than their responsibility to keep that information secure - which means ensuring data is properly encrypted, or better still, never leaves the data centre.”


Meanwhile Jason Hart, former ethical hacker and now VP Europe for CRYPTOCard, said that senior executives should take heed of the announcement and force a review of their security strategy if they're to avoid being on the Commissioner's next data breach list.


Hart comments: “Naming and shaming organisations that fail to secure confidential data is imperative to the process of improving government regulations that will safeguard consumers against identity theft or loss.  As the Information Commissioner suggests, however, today's announcement is just the tip of the iceberg. 


“In most organisations, password protection forms the frontline of data security, though this is often a business' greatest vulnerability.  I've seen hackers crack passwords in less than sixty seconds using a variety of methods, most of which are available free on the internet. 


“For example, nearly every week we hear of laptops being lost or stolen, but it is not just the data stored on these devices that we should be concerned about. The unseen threat is the VPN client found on these laptops, which allows employees, and hackers, with easy and immediate access to a company's entire data estate. 


“Though most businesses already recognise the need to implement a firewall or anti-virus solution, few do anything to verify the identity of users accessing the network.  Unless you lock the door, then anyone can walk into your company and literally destroy your reputation or the integrity of your data.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews